This is a discussion on sslv3 alert illegal parameter within the Stunnel Users forums, part of the Networking and Network Related category.
I'm having trouble connecting to my stunnel server. Both the client and server are running Ubuntu stunnel4. The connection log (from the server) is as follows:

    sshd accepted FD=8 from [censored]:35982
    sshd started
    FD 8 in non-blocking mode
    TCP_NODELAY option set on local socket
    FD 9 in non-blocking mode
    FD 10 in non-blocking mode
    Cleaning up the signal pipe
    Connection from [censored]:35982 permitted by libwrap
    sshd accepted connection from [censored]:35982
    Child process 10251 finished with code 0
    SSL state (accept): before/accept initialization
    SSL state (accept): SSLv3 read client hello A
    SSL state (accept): SSLv3 write server hello A
    SSL state (accept): SSLv3 write certificate A
    SSL state (accept): SSLv3 write certificate request A
    SSL state (accept): SSLv3 flush data
    SSL alert (read): fatal: illegal parameter
    SSL_accept: 14094417: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
    Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
    sshd finished (0 left)

The client reports the following:

    Snagged 64 random bytes from /path/to/.rnd
    Wrote 1024 new random bytes to /path/to/.rnd
    RAND_status claims sufficient entropy for the PRNG
    PRNG seeded successfully
    Certificate: /path/to/.stunnel/certificates/host.crt
    Certificate loaded
    Key file: /path/to/.stunnel/keys/host.key
    Private key loaded
    Loaded verify certificates from /path/to/.stunnel/certificates/cert.crt
    Loaded /path/to/.stunnel/certificates/cert.crt revocation lookup file
    SSL context initialized for service stunnel
    ssh_exchange_identification: Connection closed by remote host

Is this a handshake problem? (But I'm using the same stunnel on both sides!?!?). I don't think my server configuration is at fault, as I've been able to connect to it using other stunnel clients. I have the feeling this has something to do with my version of OpenSSL - can someone confirm?
My stunnel/ssl info is as follows:

    >$ /usr/sbin/stunnel -version
    stunnel 4.20 on i486-pc-linux-gnu with OpenSSL 0.9.8e 23 Feb 2007
    Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

    Global options
    debug = 5
    pid = /var/run/stunnel4.pid
    RNDbytes = 64
    RNDfile = /dev/urandom
    RNDoverwrite = yes

    Service-level options
    cert = /etc/stunnel/stunnel.pem
    ciphers = ALL:!ADH:+RC4:@STRENGTH
    key = /etc/stunnel/stunnel.pem
    session = 300 seconds
    sslVersion = SSLv3 for client, all for server
    TIMEOUTbusy = 300 seconds
    TIMEOUTclose = 60 seconds
    TIMEOUTconnect = 10 seconds
    TIMEOUTidle = 43200 seconds
    verify = none

Thanks!
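An added example, not part of the original post: a short Python script that reads the server-side lines quoted above, reports which side sent the alert and at which handshake state, and unpacks the OpenSSL error code 14094417. The sample log is constructed from lines in the post, the function names are hypothetical, and the bit layout assumed is the one used by OpenSSL 0.9.8/1.0.x error codes.

```python
import re

# Constructed sample: the server-side lines from the post that matter.
SAMPLE_LOG = """\
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL alert (read): fatal: illegal parameter
SSL_accept: 14094417: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
"""

# TLS alert descriptions (RFC 5246 section 7.2), subset.
ALERTS = {10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
          42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
          48: "unknown_ca", 70: "protocol_version"}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason codes above this carry a peer alert number


def decode_error(hex_code):
    """Split an OpenSSL 0.9.8/1.0.x packed error code into lib/func/reason."""
    e = int(hex_code, 16)
    lib, func, reason = (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}


def summarize(log):
    """Report last handshake state, alert direction and decoded error code."""
    out = {"last_state": None, "alert_from": None, "alert_level": None, "error": None}
    for line in log.splitlines():
        if m := re.match(r"SSL state \((\w+)\): (.+)", line):
            out["last_state"] = m.group(2)
        elif m := re.match(r"SSL alert \((read|write)\): (\w+): (.+)", line):
            # "read" = alert received from the peer, "write" = sent by this side
            out["alert_from"] = "peer" if m.group(1) == "read" else "local"
            out["alert_level"] = m.group(2)
        elif m := re.search(r"error:([0-9A-Fa-f]{8}):", line):
            out["error"] = decode_error(m.group(1))
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s, ALERTS.get(s["error"]["alert"]))
```

For the log in the post this reports a fatal alert 47 (illegal_parameter) received from the peer after the server had flushed its hello, certificate and certificate request, so the handshake was rejected by the client side rather than by the server.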